- PwC’s latest survey finds that 96% of executives have shifted their cybersecurity strategy due to Covid-19 and 40% of executives say they are accelerating digitization.
- IDC expects worldwide security spending to reach $174.7 billion in 2024 with a compound annual growth rate (CAGR) of 8.1% over the 2020-2024 forecast period.
- Funding for non-US-headquartered cybersecurity companies will increase by 20% in 2021, according to Forrester’s 2021 cybersecurity predictions.
- Analysys Mason predicts mobile device security will be the fastest-growing cyber-security category of all, attaining a 17% CAGR between 2019 and 2025, reaching $13 billion.
In 2020, breaches are the digital pandemic proving to be just as insidious and difficult to stop as Covid-19. Cyberattacks on healthcare facilities in the U.S. this year alone have affected 17.3 million people in 436 breaches tracked by the U.S. Department of Health and Human Services (HHS) Breach Portal. That is up from 31 breaches affecting 419,000 people in January alone. Malicious actors often attack healthcare providers because medical records are best-sellers on the Dark Web and are challenging to track and can sell for up to $1,000 each. State-sponsored cyberattacks discovered earlier this month add a new dimension to the cybersecurity arms race that is accelerating.
The following predictions provide insights into how cybersecurity will evolve in 2021:
- 55% of enterprise executives plan to increase their cybersecurity budgets in 2021 and 51% are adding full-time cyber staff in 2021. PwC found that most executives are planning to ramp up their cybersecurity spending in 2021 despite the majority of them, 64%, expecting business revenues to decline. PwC found that cybersecurity is more business-critical than ever before. “The circumstances we find ourselves in with the economy are putting a lot of pressure on security organizations to make sure that the investments we’re making are efficient and high-value,” says Katie Jenkins, CISO, Liberty Mutual. Getting the most value for every cybersecurity dollar spent becomes more critical as entities digitize: every new digital process and asset becomes a new cyber-attack vulnerability. Source: PwC, Global Digital Trust Insights 2021, October 5, 2020.
- Next-generation Identity and Access Management, messaging security and network security are the three hot spots of enterprise cybersecurity spending in 2021. McKinsey sees three hot spots leading enterprise cybersecurity spending in 2021. These include Identity and Access Management, messaging and network security. McKinsey predicts perimeter and endpoint security, secured automation and security for trusted third parties. The following graphic compares cybersecurity spending by technology and organization. Source: McKinsey and Company,
- Passwordless Authentication, Cloud Workload Protection Platform and Cloud Security Posture Management are predicted to be among the most influential technologies in cybersecurity within the next three years. In October of this year, Gartner introduced their Impact Radar for Security framework. One of the new framework goals is to compare how influential a given cybersecurity technology will be within a specific time horizon or range. Zero Trust Networking is predicted to have an impact within one to three years. Source: Gartner Blog, Announcing Gartner’s New Impact Radar for Security, Swati Rakheja, October 27, 2020.
- IDC predicts security services will be the largest and fastest-growing segment of the security market, accounting for roughly half of all spending throughout the 2020 – 2024 forecast period, attaining a 10.5% five-year CAGR. Managed security services – single-tenant solutions operated by third-party providers and residing on customers’ premises (customer premises equipment) – is the largest category of security services spending, followed by integration services and consulting services. Managed security services will also be the fastest-growing segment with a five-year CAGR of 13.6%. Software will be the second largest segment of the security market, led by endpoint security and security analytics, intelligence, response and orchestration software. Source: IDC, Ongoing Demand Will Drive Solid Growth for Security Products and Services, According to New IDC Spending Guide.
- The exponential increase in cybercrime, including breaches, phishing, privilege access credential abuse and endpoint security attacks, contributes to a projected 12% CAGR in cybersecurity IT spending by 2021. The global market for cybersecurity software is predicted to grow from $183.2 billion in 2019 to $230 billion in 2021, attaining a 12% CAGR in the forecast period. Source: Covid-19 Impact On Cybersecurity Market, 2020.
- Flint Brenton, President and CEO of Centrify, predicts that Intellectual Property will be hackers’ next golden ticket. Intellectual property will be hackers’ next golden ticket. In 2020, we saw a rise in healthcare breaches, likely because patient records often fetch up to $1,000 each. Compared to credit card data, which goes for just $12-20 and email addresses, which average around $100 in bulk, it makes complete financial sense. But during the COVID-19 pandemic, we began seeing an alarming trend of cyber adversaries targeting intellectual property such as vaccine research, including Russia’s APT29 going after research centers in the U.K., U.S. and Canada. With countries and companies around the world competing to be the first to announce a distributable vaccine, we believe hackers and possibly even insiders will begin releasing the fruits of their malicious efforts on the Dark Web in 2021 — for a premium fee of tens, if not hundreds of thousands of dollars.
- Dianne Lapierre, CIO of Absolute Software, predicts the need to do more with what we already have will lead many CIOs and CISOs to take a long, hard look at all of their software assets and conduct an honest assessment of what they really need. She believes that as we head into 2021, we’re going to see a high appetite for risk mitigation but low appetite for significant budgetary spend. “When it comes to IT and security applications because we don’t trust them independently, we have the tendency to pile them on top of each other. This leads us to what I call the belt and suspenders problem; we don’t need both the belt and the suspenders. And, what we’re learning is that the layering of application upon application actually introduces more problems than it solves. From both a risk management and cost savings perspective, this presents a real opportunity to rationalize security technologies and systems.”
- Analysys Mason predicts Small & Medium Business (SMB) spending on cybersecurity (including hardware, software and services) worldwide will grow at a 10% CAGR between 2019 to 2024, becoming an $80 billion market in four years. SMB spending on cloud-based security solutions will outpace that on on-premises hardware and software based on the firm’s forecast. Analysys Mason factored in how significantly the change in working habits caused by Covid-19 restrictions is increasing demand for cybersecurity solutions, especially for managed security services and cloud-based solutions. Source: SMB spending on cloud-based security solutions will outpace that on on-premises hardware and Software, August 12, 2020.
- Enterprise cybersecurity spending will grow the fastest in four key industries, including healthcare systems and services, banking & financial, technology & media telecom and public and social sectors. In the next 12 months, cybersecurity spending will grow the fastest in large-scale enterprises competing in four key industries. McKinsey predicts cybersecurity spending will bounce back faster in enterprises compared to small and medium-sized enterprises (SMEs). McKinsey expects to see budget increases for specific segments for financial-services and insurance industries, including security controls for the cloud-based business functions. Source: McKinsey and Company, COVID-19 crisis shifts cybersecurity priorities and budget, July 21, 2020.
- In 2021, advances in AI and machine learning will allow devices to self-heal and self-secure by as much as 80%, allowing IT to set policies and know their devices and data are secure, predicts Alan Braithwaite, Senior Director, Product Management at Ivanti. Not only will this mean that IT can focus on transforming their business to be more competitive in their market, users can expect to receive a more ambient, personalized device experience where they can remain productive regardless of where they are working or the device they use.
- Forrester predicts funding for non-US-headquartered cybersecurity companies will increase by 20% in 2021. Heidi Shey, Principal Analyst at Forrester, says multinational firms must give up their single-sourcing approach and accept the reality of point solutions based on region. She also predicts a CISO from a Global 500 firm will be fired for instilling a toxic security culture and audit findings and budget pressure will lead to an uptick of risk quantification tech. Source: Predictions 2021: The Path To A New Normal Demands Increased Cybersecurity Resilience by Heidi Shey, Principal Analyst, October 26, 2020.
- Vulnerability remediation will continue to be a struggle for many organizations into 2021 and beyond. The median time to create a functional exploit is 22 days. The average shelf life of an exploit is seven years. Chris Goettl, Senior Director Product Management at Ivanti, says threat actors can move faster than most companies can and are getting long life out of the exploits they create. To stay ahead of attackers, companies will look to improve visibility and telemetry to understand trending exploits and to mitigate or eliminate these vulnerabilities to reduce their exposure significantly.
- Cybersecurity Ventures expects global cybercrime costs to grow by 15% per year over the next five years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015. Steve Morgan, Editor-in-Chief of Cybercrime Magazine’s recent article, provides a wealth of data and market insights on cybercrime’s financial impact globally. Cybersecurity Ventures finds that if cybercrime were measured as a country, it would be the world’s third-largest economy after the U.S. and China.
- Analysys Mason predicts that further consolidation of endpoint security vendors is inevitable. Their latest cybersecurity research note points out that large security vendors continue to grow organically and through acquisition. Smaller vendors, especially endpoint security vendors, are struggling to increase revenue. According to Analysys Mason, too many endpoint security vendors have low annual revenue of under $500M and are growing slower than the market and do not have meaningful differentiators. According to the firm, mergers are inevitable if these vendors are to remain viable in the long term. Private equity firms with multiple sub-scale security vendors in their portfolio may consider merging them in 2021. Source: Analysys Mason’s predictions for business connectivity, communications, IoT and security in 2021, December 7, 2020.